Files ≈ Packet Storm
Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers
http://packetstormsecurity.org/
Sun, 27 May 2012 23:05:10 GMT

imap4.c
http://packetstormsecurity.org/files/30536/imap4.c
Sat, 30 Nov 2002 20:21:25 GMT
Redhat 7.0 remote buffer overflow exploit for IMAP4rev1 prior to v10.234.

0208-exploits.tgz
http://packetstormsecurity.org/files/26499/0208-exploits.tgz
Mon, 02 Sep 2002 15:54:53 GMT
Packet Storm new exploits for August, 2002.

smb.c
http://packetstormsecurity.org/files/29528/smb.c
Sat, 31 Aug 2002 22:56:18 GMT
Denial of service exploit for Core ST's recently discovered Windows SMB vulnerability which works against Windows NT/2k/XP.

adv-002-mirc.htm
http://packetstormsecurity.org/files/28335/adv-002-mirc.htm
Fri, 30 Aug 2002 03:43:57 GMT
Many scripts installed in mIRC below version 6.03 allow remote compromise if they use the $asctime identifier, which is used to format unix time stamps.
Includes proof of concept code which causes mIRC to execute a command line on any supported OS. Most users have not yet upgraded.

DSR-apache2.0x.c
http://packetstormsecurity.org/files/29487/DSR-apache2.0x.c
Thu, 29 Aug 2002 17:42:53 GMT
This Proof of Concept exploit for the current directory traversal design flaw in apache 2.0.x - 2.0.39 allows any attacker to view any file on the target machine. Original vulnerability found by Luigi Auriemma. Affected Systems: Windows [win32], Netware, OS2, Cygwin.

calderax.txt
http://packetstormsecurity.org/files/29486/calderax.txt
Thu, 29 Aug 2002 17:24:03 GMT
Proof of concept local exploit for the Caldera Linux X11 server. The Xserver calls xkbcomp in an insecure manner while not dropping privileges.

asctime-poc
http://packetstormsecurity.org/files/29485/asctime-poc
Thu, 29 Aug 2002 17:19:21 GMT
mIRC, the popular chat client for IRC, has support for a scripting language that has been found to be vulnerable. A buffer overflow exists in the $asctime identifier where an error lies in the handling of oversized format specifier strings.

omnihttpd.txt
http://packetstormsecurity.org/files/29481/omnihttpd.txt
Thu, 29 Aug 2002 06:57:03 GMT
OLE controls, or OCX controls, are components (or objects) you can insert into a Web page or other application to reuse packaged functionality someone else programmed. An unchecked buffer exists in the ActiveX control used to display specially formatted text.
This could be executed by encouraging an unsuspecting user to visit a malicious web page.

ubpbbs.txt
http://packetstormsecurity.org/files/29480/ubpbbs.txt
Thu, 29 Aug 2002 05:33:46 GMT
A flaw in the Ultimate PHP Board (UPB) software allows standard users to create an admin account with lower case letters that has standard user privileges but that may cause confusion to other users. Fix included.

idefense.webmin.txt
http://packetstormsecurity.org/files/29474/idefense.webmin.txt
Thu, 29 Aug 2002 05:15:18 GMT
iDEFENSE Security Advisory 08.28.2002 - Webmin v0.92 and below contains remote vulnerabilities which allow any file to be read from or written to as root. Perl exploit code included.

SMBdie.zip
http://packetstormsecurity.org/files/26596/SMBdie.zip
Tue, 27 Aug 2002 04:56:20 GMT
SMBdie is a proof of concept tool which crashes Windows machines with Netbios enabled by sending a specially crafted SMB request. Tested against Windows NT/2k/XP/.NET RC1.

gdam123-expl.c
http://packetstormsecurity.org/files/26595/gdam123-expl.c
Tue, 27 Aug 2002 04:46:09 GMT
Local proof of concept exploit for the gdam123 software package. Exploits an unchecked buffer in the filename option.

holygrail.c
http://packetstormsecurity.org/files/26569/holygrail.c
Wed, 21 Aug 2002 04:05:31 GMT
Holygrail.c is a remote root exploit for telnetd under Solaris Sparc 2.5.1, 2.6, 2.7, and 8.
Verified to work against Solaris 7 and 8 sparc - spawns a root shell.

imapdog.pl
http://packetstormsecurity.org/files/26563/imapdog.pl
Sun, 18 Aug 2002 20:45:28 GMT
IMAP4rev1 remote exploit written for RedHat and Slackware Linux.

UltimaRatioVegas.c
http://packetstormsecurity.org/files/26556/UltimaRatioVegas.c
Sun, 18 Aug 2002 20:02:33 GMT
Phenoelit Ultima Ratio - a Cisco IOS exploitation of a heap overflow and using actual shell code to upload a new config; all in one UDP packet. Exploits an issue in the 11.x IOS TFTP server. Works against Cisco 1600 and 1000 series routers, but is designed as PoC.

MWS_exp.pl
http://packetstormsecurity.org/files/26555/MWS_exp.pl
Fri, 16 Aug 2002 07:17:37 GMT
MyWebServer v1.0.2 remote buffer overflow exploit in perl. Included shellcode opens a shell on port 7788.

HelpMe2.pl
http://packetstormsecurity.org/files/26542/HelpMe2.pl
Tue, 13 Aug 2002 07:19:12 GMT
Exploit code for Winhlp32.exe remote buffer overflow vulnerability. Calls WinExec SW_HIDE and executes supplied command. Tested against Windows 2000 Professional SP2. Written for Kernel32.dll version 5.0.2195.2778.

HelpMe.pl
http://packetstormsecurity.org/files/26541/HelpMe.pl
Tue, 13 Aug 2002 07:18:17 GMT
Exploit code for Winhlp32.exe remote buffer overflow vulnerability. Calls WinExec SW_HIDE and executes supplied command. Tested against Windows 2000 Professional SP2.
Written for Kernel32.dll version 5.0.2195.4272.

sql2kx2.txt
http://packetstormsecurity.org/files/26540/sql2kx2.txt
Tue, 13 Aug 2002 07:04:55 GMT
SQL Server 2000 remote buffer overflow exploit. Uses tcp port 1433. More information here.

sql2kx.c
http://packetstormsecurity.org/files/26539/sql2kx.c
Tue, 13 Aug 2002 06:39:16 GMT
SQL Server 2000 remote buffer overflow exploit. Tested against Win2ksp2. Included shellcode creates the file \scan_sql2k_bo. Fix available here.

int.exp.txt
http://packetstormsecurity.org/files/26534/int.exp.txt
Sun, 11 Aug 2002 00:40:32 GMT
This exploit works against a recent bug found in RedHat's Interchange commerce system that allows for the typical directory traversal attack.

GOBBLES-own-ipppd.c
http://packetstormsecurity.org/files/26531/GOBBLES-own-ipppd.c
Sat, 10 Aug 2002 23:48:29 GMT
Gobbles exploit for ipppd, which is part of the isdn4linux-utils package and is part of the default install of many linux distributions. Under Suse 8.0, ipppd is installed suid root but can only be run by users in the group "dialout". The exploit works on a syslog(3) format string problem: syslog(LOG_NOTICE,devstr). This code is normally only reached with a valid device string, but if you feed ipppd a devicename that is >= 256 bytes it will merrily proceed to log this string using the faulty syslog(3) call, subsequently handing over root access to the machine.

shatter.zip
http://packetstormsecurity.org/files/26530/shatter.zip
Sat, 10 Aug 2002 23:26:00 GMT
This exploit was designed as a proof-of-concept application to show how the vulnerable Win32 Messaging System fails to authenticate the source of a message. This particular application was designed to be used against Network Associates VirusScan v4.5.1 running on Win2k Professional. Microsoft VP Jim Allchin stated under oath that there were flaws in Windows so great that they would threaten national security if the Windows source code were to be disclosed. This is the exploitation that was being referenced. Please reference the white paper for more information.

mozillaftp.txt
http://packetstormsecurity.org/files/26528/mozillaftp.txt
Fri, 09 Aug 2002 06:05:17 GMT
Mozilla FTP View Cross-Site Scripting Vulnerability - Mozilla allows running malicious scripts due to a bug in the 'FTP view' feature. If you click on a malicious link, the script embedded in the URL will run. This problem is in the 'FTP view' feature. The 'URL' is not escaped. Fixed in Mozilla 1.0.1.

operaftp.txt
http://packetstormsecurity.org/files/26526/operaftp.txt
Fri, 09 Aug 2002 05:47:10 GMT
Opera FTP View Cross-Site Scripting Vulnerability - Opera allows running malicious scripts due to a bug in the 'FTP view' feature. If you click on a malicious link, the script embedded in the URL will run. This problem is in the 'FTP view' feature. The 'URL' is not escaped. Vulnerable: Windows2000 SP2 Opera 6.03 and Windows2000 SP2 Opera 6.04